Privacy & Ex Libris
Should you have questions about how we safeguard your privacy, contact our Privacy Office at firstname.lastname@example.org
Session & User Input Cookies
When you register with an Ex Libris site, we generate cookies that signal whether you are signed in. Our servers use these cookies to know which account you are signed in with, and if you are allowed access to a particular service. They also allow us to associate any comments you post with your username. If you have not selected “keep me signed in,” your cookies are deleted when you either close your browser or shut down your computer.
The General Data Protection Regulation (GDPR)
On May 25, 2018, a new privacy law called the General Data Protection Regulation (GDPR) began to apply in the European Union (EU). The GDPR replaces the Data Protection Directive (the Directive) which has been in effect since 1995. While the GDPR preserves many of the principles established in the Directive, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or process personal data.
Ex Libris is committed to GDPR compliance. We have closely analyzed the requirements of the GDPR, and our engineering, product, security and legal teams have been working to align our procedures, documentation, contracts, and services to support compliance with the GDPR. We also support our customers during their GDPR compliance journey with our strong foundation of implemented security and privacy frameworks and certified security and privacy controls.
Data Processing Addendum
Ex Libris has published a Data Processing Addendum (DPA) for each of our product groups to incorporate the appropriate terms required by the GDPR into the relevant customer agreements. The DPAs have been created under the supervision of EU privacy experts and are designed to comply with the GDPR and to reflect the specific details of the data processing activities within Ex Libris’ services. All customers that are processing personal data that is subject to the GDPR through Ex Libris services should download, sign, and return the appropriate product DPA to allow both the customer and Ex Libris to comply with the DPA requirements of the GDPR.
EU-US and Swiss-US Privacy Shield Frameworks
Ex Libris complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Ex Libris has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov
To learn about how Ex Libris is responding to the European Court of Justice decision on 16 July 2020 invalidating the EU-U.S. Privacy Shield Framework, please visit: Ex Libris Statement Regarding the Privacy Shield Framework
ISO 27018:2014 Certified – Protection of Personally Identifiable Information
This ISO standard establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
Ex Libris complies with this standard and is ISO 27018 certified. This standard was originally published in 2014, and Ex Libris has been certified since 2016.
ISO 27701:2019 Certified – Privacy Information Management System (PIMS)
ISO/IEC 27701:2019 is a data privacy extension to ISO 27001. It provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).
Ex Libris complies with this standard and is ISO 27701 certified. This standard establishes privacy requirements and helps manage privacy risks related to personally identifiable information (PII), outlines a comprehensive set of operational controls that can be mapped to various regulations, and helps Ex Libris comply with GDPR as well as other data protection regulations.
ISO 27701 was originally published in 2019, and Ex Libris has been certified since 2020.
Data Protection Officer (DPO)
Ex Libris has appointed a Data Protection Officer who is responsible for, among other duties, ensuring that:
- Ex Libris complies with all relevant privacy-related legislation
- Employees are fully informed of their own responsibilities for acting within the law
- Ex Libris has proper risk-based systems of control over the personal data that it processes
- Ex Libris deals promptly and professionally with requests for information
- When acting as a data controller, Ex Libris will provide data subjects with a reasonable access mechanism that enables them to access their personal data and will allow them to update, rectify, erase, or transmit their personal data
Please contact our DPO at email@example.com